I'm working for a small ISP and I'm trying to figure out how I can add a frame window to all websites that all users on our network see, so that we can promote faster speeds / notify users of downtime. I've seen this done by some ISPs, where they add a frame at the top of a website that you can opt out of, and I'm curious to know how this could be accomplished. So far, my best guess is that:

Some sort of proxy system (SQUID?) is involved that rewrites HTML or appends to html code as it comes through

This sounds completely unethical and irresponsible. An ISP has no business mucking with anything above layer 3.
–
JakePaulusAug 5 '11 at 22:16

3

I have to agree with Jake. If I were a customer of yours and you started doing that to websites I visited, I'd cancel my service in a heartbeat.
–
SmallClangerAug 5 '11 at 22:17

2

Are you going to compensate everyone whose websites you're hijacking for the loss of income due to users from your ISP going "WTF is this?" and closing their browsers? What about when you break someone's site layout and their pages look like balls because of the crap you injected? Follow @JakePaulus' advice and STAY THE HELL OUT OF MY LAYER 7. You're also being disingenuous: in your comment, you said it's to "notify people of ... downtime", yet in your question you explicitly talk about upselling customers on faster service.
–
wombleAug 5 '11 at 22:38

2

@Timothy: Can you site the large ISP's that do this and provide us with examples?
–
joeqwertyAug 5 '11 at 22:43

1

@Timothy: I guess we are all fed up with ISP's who give themselves the right to stuff like that, or Deep Packet Inspection or whatever. Your job as an ISP is to route packets to and from the user. Nothing else.
–
Sven♦Aug 5 '11 at 22:59

3 Answers
3

Of the options you listed a captive portal seems like the least evil. With a captive protal you aren't framing content, you simply use DNS/DHCP hacks to redirect the user to your own web site when they attempt to visit a page.

A captive portal would work for what I need to accomplish, but I guess I just figured a customer would prefer to be taken to their website rather than redirected to a different website, and have to click through something to get where they were going. Can you recommend any captive portals that would simply provide a one time page to a customer, and then allow them to continue on to wherever they originally intended to go?
–
TimothyAug 5 '11 at 22:56

1

Here's the problem with using a captive portal in your situation: A captive portal is great when a user is a guest on a particular network and are aware that they are a guest, such as in an airport or a coffee shop. It's not such a great idea when the user is not a guest, such as when they're at home browsing the internet via an ISP that they pay a monthly fee to for the priveledge of said internet access. I just don't think this is going to sit well with your users.
–
joeqwertyAug 5 '11 at 23:04

That's why I didn't want to go with a captive portal, because I'm not sure how I could make it such that the subscriber only sees the page once. The thing with the frames is that I figured I could give the user a notification, they'd see their page they intended to go to, and click "Opt out of notifications" and not receive any again in the future.
–
TimothyAug 5 '11 at 23:06

@joeqwerty, I agree with you generally, but I am not sure the average person (not super users like us) would really mind being stopped by a captive portal if it was very infrequent.
–
ZoredacheAug 5 '11 at 23:07

Doing this is perfectly possible with Squid, I've done it in the past (old job, april fools day joke at a very small web firm, only internal employees effected), however at the ISP level, you bound to run into a laundry list of problems, and i'm sure some legal problems in there too.

As an alternative, It might be easier to build a server that calls all your clients. Thats what my Local ISP does.

There's plenty of open-source PBX's out there (asterisk is the big one) that can easily be programmed to call out to a list of numbers (surely you have those on your customers, right?) and leave them a message (or play a recording) saying whatever message you need.

Personally, I prefer being contacted via Email first, then via Phone (or txt message). I wouldn't be thrilled if someone was injecting things into my webpages.

Actually, I like this option, and since we're also a telephone company, this could work. Could this be accomplished with Asterisk maybe?
–
TimothyAug 5 '11 at 23:11

Yep. There's a mirad of examples around the internet, and I personally have used asterisk for this exact purpose in the past. (kinda why i recommended it) Just as a tip, Check the laws wherever you are, sometimes there will be a case were if the recipient picks up and presses a number, you have to deliver them to a representative in a certain time period for outgoing automated calls.
–
GruffTechAug 5 '11 at 23:14

This sounds like a better idea to me, although you're probably going to rustle the feathers of people who don't like getting unsolicited phone calls. Still, it seems like a less manipulative and intrusive method. How do you bill your customers? Is there any way to accomplish what you need through the billing process?
–
joeqwertyAug 5 '11 at 23:18

2

You know what I would do? I would send a notice with the next bill that you will be moving to an email notification system for communicating outages, upgrades, new services, etc. and inform the customers in the notice that if they want to participate in receiving these emails to send an email to you at notifications@yourcompany.com. That way you've given them an opt-in and performed your due dilligence. Any complaints after that are on the customer and you can simply request their email address for future notifications.
–
joeqwertyAug 5 '11 at 23:32

1

Yeah, who takes customers offline for maintenance? For "unscheduled maintenance", if the customer's connection is down, then how are they going to be requesting webpages for you to manipulate to tell them that their Internet connection is down?
–
wombleAug 5 '11 at 23:33

Notify your customers via email and/or your own web site. Don't hijack their browser to use as your advertising/notification platform. It may or may not be unethical but it's a bad business model and it smacks of a 1999 era idea of what an ISP should and shouldn't do.

If I were a customer and you did that to me I would most assuredly take my business elsewhere.

I know your intentions are well meaning but the idea is in bad taste and bad form.

You're getting a pretty harsh response to your question, which speaks to it's level of unpopularity, but I hope that doesn't discourage you from sticking around and asking other questions, providing answers and comments, and being a part of our "community". We all take our lumps from time to time.

The problem is that we don't have everyone's e-mail address. The website is an option, I suppose, but we'd like a better notification system. Thanks for a civil response, though.
–
TimothyAug 5 '11 at 22:51

Glad to help. Hopefully you're not too discouraged by the responses you've gotten. You hit on a sensitive spot.
–
joeqwertyAug 5 '11 at 23:07

Not at all, though I wasn't expecting quite the response that I've received. Thanks for the help.
–
TimothyAug 5 '11 at 23:27

I think it's happened to me once or twice. :)
–
joeqwertyAug 5 '11 at 23:41